Payment Processing Solutions, Data Security Specialist

Another interesting week for cyber crime! Sonic Drive-In, a fast-food chain with nearly 3,600 locations across 45 U.S. states, has acknowledged a breach affecting an unknown number of store payment systems. The ongoing breach may have led to a fire sale on millions of stolen credit and debit card accounts that are now being peddled in shadowy underground of the WWW!

Christi Woodworth, vice president of public relations at Sonic, said the investigation is still in its early stages, and the company does not yet know how many or which of its stores may be impacted.

Mrs. Woodworth, added “Our credit card processor informed us last week of unusual activity regarding credit cards used at SONIC,” “The security of our guests’ information is very important to SONIC. We are working to understand the nature and scope of this issue, as we know how important this is to our guests. We immediately engaged third-party forensic experts and law enforcement when we heard from our processor. While law enforcement limits the information we can share, we will communicate additional information as we are able.”

Malicious hackers typically steal credit card data from organizations that accept cards by hacking into point-of-sale systems remotely and seeding those systems with malicious software that can copy account data stored on a card’s magnetic stripe. Thieves can use that data to clone the cards and then use the counterfeits to buy high-priced merchandise from electronics stores and big box retailers.

The next step is plain and simple “always check your online banking for unusual activity as well as your credit card statements. I would also contact your bank and credit card company and look into placing a cap purchase or notification on your purchases to ding your cellular device . We live in an age where we have to be alert and protect our financial future.

No Evidence of Unauthorized Access to Core Consumer or Commercial Credit Reporting Databases

Company to Offer Free Identity Theft Protection and Credit File Monitoring to All U.S. Consumers

September 7, 2017 — Equifax Inc. (NYSE: EFX) today announced a cybersecurity incident potentially impacting approximately 143 million U.S. consumers. Criminals exploited a U.S. website application vulnerability to gain access to certain files. Based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. As part of its investigation of this application vulnerability, Equifax also identified unauthorized access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps. The company has found no evidence that personal information of consumers in any other country has been impacted.

Equifax discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities. While the company’s investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith. “We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations. We also are focused on consumer protection and have developed a comprehensive portfolio of services to support all U.S. consumers, regardless of whether they were impacted by this incident.”

Equifax has established a dedicated website, www.equifaxsecurity2017.com, to help consumers determine if their information has been potentially impacted and to sign up for credit file monitoring and identity theft protection. The offering, called TrustedID Premier, includes 3-Bureau credit monitoring of Equifax, Experian and TransUnion credit reports; copies of Equifax credit reports; the ability to lock and unlock Equifax credit reports; identity theft insurance; and Internet scanning for Social Security numbers – all complimentary to U.S. consumers for one year. The website also provides additional information on steps consumers can take to protect their personal information. Equifax recommends that consumers with additional questions visit http://www.equifaxsecurity2017.com or contact a dedicated call center at 866-447-7559, which the company set up to assist consumers. The call center is open every day (including weekends) from 7:00 a.m. – 1:00 a.m. Eastern time. Contribution – Equifax.

The Visa Technology Innovation Program (TIP) is part of Visa’s ongoing strategy to protect the payment system and advance security practices that will help secure cardholder data. This program rewards and further encourages the use of EMV and P2PE technologies as it decreases the value of transaction data to criminals.

TIP allows qualifying merchants to discontinue their annual PCI DSS revalidation assessment. Qualifying merchants can reap meaningful savings, and will have the opportunity to reinvest those savings into additional technology to support dynamic data processing.

Effective 31 January 2017, acquirers must ensure Level 4 merchants annually validate PCI DSS compliance or participate in the Technology Innovation Program (TIP). Find out who qualifies for TIP Visa so your prepared for 2017.

Having 17 years experience in the virtual payment processing industry I can recall walking the floors of many conventions and noticed small start-up companies with the word “biometrics”.

Now I thought to myself, OK what the heck does that have to do with payment processing and how will it help a SMB. Well, it has been a long time coming and it’s here, biometrics is expanding in the market place and we may soon say goodbye to passwords.

Current trends are any indication, passwords may soon be a thing of the past. A recent survey from Gigya reported that 52 percent of customers said they would prefer biometrics or “modern authentication methods” to a password when logging in to an online account.

Google announced it would begin to test “Trust API,” a new alternative to passwords, in an effort to end the use of traditional login methods by the end of this year. The API uses factors such as voice patterns, typing and swiping behaviors, and face shape to determine a user’s identity. Citibank also ramped up its biometric offerings, announcing it would implement a voice-powered authentication solution in Asia over the coming months.

The biometrics market as a whole is expanding. According to the “Global Mobile Biometrics Market 2016-2020” report from Technavio, the market will expand at a CAGR of 103 percent over the next four years. The study predicts that the mobile biometric market will be valued at $12 billion by 2020.

I would recommend to all SMB who process virtual payment transactions, be engaged with the your industry innovative changes and stay ahead of the fraudsters. Get to know who your customers are and they will embrace your product or services knowing your protecting their financial future.

Watch what Watch! We have moved into the realm of mobile payments with our wearable watch. Wearable tech tracks our emails, checking accounts, fitness and how we shop. The first wearable were big and bulky digital watches which helped us add and subtract with built in calculators.

Today’s advanced technology applications in wearable and may I add fashionable watches provide the convenience for consumers to pay at the point of sale for goods and services.

Research and consulting firm Frost & Sullivan estimates the number of mobile wallet users around the world will rise from 409 million in 2015 to nearly 2 billion in 2023. The same report estimates transaction values will increase from $315 billion in 2014 to $1.6 trillion by 2020.

The majority of smartphones and wearables that offer payment functionality use near field communication (NFC) to talk between POS devices and mobile devices. And NFC is readily available in most new card terminals, including those that accept chip card transactions. If a terminal isn’t NFC-ready, many are upgradeable.

Business owners who are looking for opportunities to expand their offerings by excepting mobile payments from wearable technology the time is now!

For more information contact Paylab Plus and consult with one of our experts 888.413.9186.

Its tax season and the IRS issued an alert to all payroll and HR departments to beware of the old scheme of emerging phishing emails and the new twist is they appear to come from cyber criminal posing as company executives requesting personal information of their employees.

Criminals are focusing on payroll departments tricking people into sharing personal data, IRS Commissioner John Koskinen, “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

Spoofing refers to tricking or deceiving computer systems or other computer users. This is typically done by hiding one’s identity or faking the identity of another user on the Internet.

Here are a few examples to look for during this tax season:

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.

Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).

I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

The IRS has noticed an 400% surge in phishing and malware incidents so far this tax season. I recommend training, education and some more training and education be diligent and present to all your daily tasks.